BackSign in

Privacy Policy

Last updated: 2 June 2026

1. Controller

The data controller is Your Time To Smile BV, trading as Barry Builds, Nieuwrodese Steenweg 13, 3200 Aarschot, Belgium, VAT BE 0663 937 086. Contact: hello@yourtimetosmile.be.

2. Data we collect

  • Account data: email address, display name, authentication identifiers.
  • Session content: sport sessions you create (sport, stats, optional photos, generated titles/captions).
  • Billing data: plan, Stripe customer ID, payment status. Card details are handled directly by Stripe — we never see or store them.
  • Product analytics: first-party event counts (e.g. "post generated") stored in your browser; sent to our servers only with your consent.
  • Technical data: user agent and request metadata strictly needed to operate and secure the service.
  • Legal consents: a record of cookie choices and checkout consents (text shown, version, timestamp). No IP address is stored.

3. Purposes and legal bases (GDPR Art. 6)

  • Operating your account and providing the service — performance of a contract.
  • Processing payments and managing subscriptions — performance of a contract and legal obligation (accounting).
  • Transactional and security emails — performance of a contract / legitimate interest.
  • Product analytics and cookies beyond strictly necessary — your consent, which you can withdraw at any time.
  • Fraud prevention, abuse detection, and legal compliance — legitimate interest / legal obligation.

4. Processors we use

  • Lovable Cloud (managed Supabase) — application database, authentication, storage. EU region.
  • Stripe Payments Europe, Ltd. — payment processing.
  • Email delivery provider — sending transactional and account emails.

We do not sell personal data and do not run third-party advertising trackers.

5. International transfers

Where any processor transfers data outside the EEA, transfers are protected by the European Commission's Standard Contractual Clauses or an adequacy decision.

6. Retention

  • Account & session data: kept while your account is active; deleted within 30 days of account deletion.
  • Billing records: kept for 7 years to meet Belgian accounting obligations.
  • Consent records: kept for 5 years for audit purposes.
  • Suppressed/unsubscribed emails: kept until you reactivate or request deletion.

7. Your rights

Under the GDPR you have the right to:

  • Access your data and receive a copy (portability).
  • Rectify inaccurate data.
  • Erase your data (right to be forgotten), subject to legal retention obligations.
  • Restrict or object to processing.
  • Withdraw consent at any time (without affecting prior lawful processing).
  • Lodge a complaint with the Belgian Data Protection Authority (APD-GBA) or your local supervisory authority.

To exercise any right, email hello@yourtimetosmile.be.

8. Security

We use industry-standard measures (TLS in transit, encrypted databases at rest, RLS for tenant isolation, hashed credentials). No system is 100% secure — please use a strong, unique password.

9. Children

The service is not intended for users under 16.

10. Changes

We will publish updates to this policy here and update the "Last updated" date.